Security News

Google and WhatsApp also binned, which is far easier to explain than canning a local hero Hong Kong’s government has updated infosec guidelines to restrict the use of Chinese messaging app WeChat,...

A previously undocumented threat cluster has been linked to a software supply chain attack targeting organizations primarily located in Hong Kong and other regions in Asia. The attacks, per the cybersecurity firm, leverage a trojanized version of a legitimate software called EsafeNet Cobra DocGuard Client to deliver a known backdoor called PlugX on victim networks.

A previously unidentified APT hacking group named 'Carderbee' was observed attacking organizations in Hong Kong and other regions in Asia, using legitimate software to infect targets' computers with the PlugX malware. Symantec reports that the legitimate software used in the supply chain attack is Cobra DocGuard, created by Chinese developer' EsafeNet,' and used in security applications for data encryption/decryption.

The reports, "Apps at Risk: Apple's Censorship and Compromises in Hong Kong" and "United Apple: Apple's Censorship and Compromises in Russia," were released by the Apple Censorship Project, which is run by free speech advocacy group GreatFire. "Apple's temporary withdrawal from Russia following the start of the war in Ukraine, and Apple's decision to move part of its production out of China, have not provided tangible evidence of any improvement of the situation in the App Store so far. For all we know, Apple is still willing to collaborate with repressive regimes."

The China-aligned espionage-focused actor dubbed Winnti has set its sights on government organizations in Hong Kong as part of an ongoing campaign dubbed Operation CuckooBees. Active since at least 2007, Winnti is the name designated to a prolific cyber threat group that carries out Chinese state-sponsored espionage activity, predominantly aimed at stealing intellectual property from organizations in developed economies.

Researchers at Symantec have uncovered cyberattacks attributed to the China-linked espionage actor APT41 that breached government agencies in Hong Kong and remained undetected for a year in some cases. Symantec's report notes that there are signs that the newly discovered Hong Kong activity is part of the same operation, and Winnti's targets are government agencies in the special administrative region.

YouTube has blocked the campaign account of Hong Kong's only candidate for the Special Administrative Region's head of government, John Lee Ka-chiu, citing US sanctions. Lee, often referred to as "Pikachu" by the Hong Kong anti-establishment faction as it sounds similar to "Lee Ka-chiu," stepped down from his position as Secretary for Security in Hong Kong to run for the chief executive spot.

Google researchers on Thursday disclosed that it found a watering hole attack in late August exploiting a now-parched zero-day in macOS operating system and targeting Hong Kong websites related to a media outlet and a prominent pro-democracy labor and political group to deliver a never-before-seen backdoor on compromised machines. "Based on our findings, we believe this threat actor to be a well-resourced group, likely state backed, with access to their own software engineering team based on the quality of the payload code," Google Threat Analysis Group researcher Erye Hernandez said in a report.

Since at least late August, attackers have been using flaws in macOS and iOS - including in-the-wild use of what was then a zero-day flaw - to install a backdoor on the Apple devices of users who visited Hong Kong-based media and pro-democracy sites. In other words, the threat actors threaded malware into the legitimate websites of "a media outlet and a prominent pro-democracy labor and political group" in Hong Kong, according to TAG. The victims' devices were inflicted with what was then a zero day, plus another exploit that used a previously patched vulnerability for macOS that was used to install a backdoor on their computers, according to TAG's report.

Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. Google's researchers were able to trigger the exploits and study them by visiting the websites compromised by the hackers.